Abstract

We show that the universal Horn theory of relational Kleene algebras is
$\Pi^1_1$-complete.


1  Introduction 

Kleene algebra (KA) is fundamental and ubiquitous in computer science. Since its
invention by Kleene in 1956, it has arisen in various forms in program logic and
semantics, relational algebra, automata theory, and the design and analysis of
algorithms. Many authors have contributed to the development of Kleene algebra
over the years (see [11] and references therein).

On the practical side, KA provides a natural and effective tool for equational
specification and verification. It has recently been used successfully in
numerous applications involving basic safety analysis, low-level program
transformations, compiler optimization, and concurrency control [1, 2, 3, 10, 12].

The equational theory of KA has been well studied. The equational theory alone is
PSPACE-complete [14], and this is as efficient as one could expect. However, in
practice, one often needs to reason in the presence of assumptions of various
forms. For example, a commutativity condition $pq = qp$ models the fact that the
programs $p$ and $q$ can be executed in either order with the same result, and
the condition $p = pb$, where $b$ is a test, models the fact that the execution
of the program $p$ causes $b$ to hold immediately afterward. Such assumptions are
needed to reason about basic program transformations such as constant
propagation and moving static computations out of loops. Several examples of
this style of reasoning are given in [1, 10].


Thus the universal Horn theory is of interest. A universal Horn formula is an
implication $E \to s = t$, where $E$ is a finite set of equations. The word
“universal” refers to the fact that the atomic symbols of $E$, $s$, and $t$ are
implicitly universally quantified, although we are usually only interested in
specific substitution instances. In typical applications, the set $E$ postulates
basic assumptions about the interaction of atomic programs and tests such as
$pq = qp$ or $p = pb$, and the conclusion $s = t$ represents the equivalence of
the optimized and unoptimized program. The universal Horn theory of a class of
structures $C$ is the set of universal Horn formulas valid under all
interpretations over structures in $C$. The equational theory is the restricted
case in which $E$ is empty. The universal Horn theory of Kleene algebras is a
natural consideration, since the axiomatization of KA is itself of this form.

Whereas the equational theories of various natural subclasses of Kleene algebras
coincide, their Horn theories do not. For example, consider the *-continuous
algebras (KA*). A Kleene algebra is *-continuous if it satisfies the infinitary
condition

$$pq^*r = \sup_{n \ge 0} pq^n r,$$

where the supremum is with respect to the natural order in the Kleene algebra.
Not all Kleene algebras are *-continuous, but all known naturally occurring ones
are. Although *-continuity often provides a convenient shortcut in equational
proofs, there are no more equations provable with it than without it; that is,
the equational theories of KA and KA* coincide [9]. However, it was shown in [11]
that the universal Horn theory of KA* is $\Pi^1_1$-complete, whereas that of KA
is recursively enumerable, since it has a finitary complete first-order
axiomatization. Thus the universal Horn theories of KA and KA* diverge. Despite
this fact, there is no known natural example of a universal Horn formula that is
valid over *-continuous interpretations but not valid in general.

One important class of *-continuous interpretations is the family of relational
models. In these models, elements are binary relations on a set $X$ and the KA
operators have standard binary relation-theoretic interpretations: the operator
$\cdot$ is interpreted as relational composition $\circ$, $+$ as union $\cup$,
0 and 1 as the empty relation $\varnothing$ and the identity relation
$\{(u, u) \mid u \in X\}$ on $X$, respectively, and $^*$ as reflexive transitive
closure. The class of all relational Kleene algebras is denoted REL. This class
is important because it is the preferred class of interpretations for
applications in program semantics and verification.

Again, the equational theory of REL coincides with that of KA and KA* [13], but
the Horn theories diverge. Every relational model is *-continuous, so the
inclusion holds in one direction; however, $p \le 1 \to p^2 = p$ is an example of
a relationally valid formula that does not hold in all *-continuous algebras. In
particular, it does not hold in the *-continuous min,+ (tropical) algebra used in
shortest path algorithms.
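The separation just stated can be checked mechanically on small models. The following Python sketch is an added example, not part of the paper: it enumerates every relation on a three-element set to confirm $p \le 1 \to p^2 = p$ there, finds counterexamples in the min,+ algebra, and spot-checks the *-continuity condition in both models. All function names are assumptions of this example, and the tropical carrier is taken to be the nonnegative numbers with infinity.

```python
from itertools import product

# ---- relational model on a finite set X (a member of the class REL) ----
def compose(p, q):
    """Relational composition: (a, c) whenever (a, b) in p and (b, c) in q."""
    return frozenset((a, c) for (a, b) in p for (b2, c) in q if b == b2)

def identity(X):
    return frozenset((u, u) for u in X)

def star(p, X):
    """Reflexive transitive closure of p on X, by fixpoint iteration."""
    closure = identity(X)
    while True:
        bigger = closure | compose(closure, p)
        if bigger == closure:
            return closure
        closure = bigger

def all_relations(X):
    pairs = [(a, b) for a in X for b in X]
    for bits in product((0, 1), repeat=len(pairs)):
        yield frozenset(pr for pr, bit in zip(pairs, bits) if bit)

def rel_counterexamples(n):
    """Relations p on {0..n-1} with p <= 1 (i.e. p + 1 = 1) but p.p != p."""
    X = range(n)
    one = identity(X)
    return [p for p in all_relations(X)
            if p | one == one and compose(p, p) != p]

def rel_star_continuous(p, q, r, X):
    """Check p q* r = sup_n p q^n r; the sup of relations is their union."""
    lhs = compose(compose(p, star(q, X)), r)
    sup, power = frozenset(), identity(X)
    for _ in range(len(X) + 1):      # paths shorter than |X| already give q*
        sup |= compose(compose(p, power), r)
        power = compose(power, q)
    return lhs == sup

# ---- min,+ (tropical) algebra on nonnegative numbers with infinity ----
INF = float("inf")
T_ZERO, T_ONE = INF, 0               # KA constants 0 and 1

def t_add(x, y):                     # KA "+" is min
    return min(x, y)

def t_mul(x, y):                     # KA "." is numeric addition
    return x + y

def t_star(x):                       # min over n >= 0 of n*x is 0 when x >= 0
    return 0

def t_leq(x, y):                     # natural order: x <= y iff x + y = y
    return t_add(x, y) == y

def trop_counterexamples(values):
    """Elements p with p <= 1 in the natural order but p.p != p."""
    return [p for p in values if t_leq(p, T_ONE) and t_mul(p, p) != p]

def trop_star_continuous(p, q, r, terms=50):
    """Check p q* r = sup_n p q^n r; the natural-order sup is numeric min."""
    lhs = t_mul(t_mul(p, t_star(q)), r)
    best, power = INF, T_ONE
    for _ in range(terms):
        best = min(best, t_mul(t_mul(p, power), r))
        power = t_mul(power, q)
    return lhs == best

if __name__ == "__main__":
    print("relational counterexamples on 3 states:", rel_counterexamples(3))
    print("tropical counterexamples:", trop_counterexamples([0, 1, 2, INF]))
```

In the natural order of the tropical algebra every element lies below 1, yet squaring doubles a finite positive cost, which is why any such value breaks the formula.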

Given the importance of relational models in program semantics and verification,
it is interesting to characterize their universal Horn theory. Two interesting
questions are:

(i) What is the complexity of deciding whether a given universal Horn formula in
the language of Kleene algebra is valid over all relational interpretations?

(ii) Is it possible to characterize this theory axiomatically?

Our main result is a solution to problem (i). We show that the universal Horn
theory of REL is $\Pi^1_1$-complete. Although related to the results and
constructions of [11], neither the upper nor the lower bound follows from results
of [11]; both require new constructions.

2  Kleene  Algebra 

Kleene algebra (KA) is the algebra of regular expressions [4, 8]. The
axiomatization used here is from [9]. A Kleene algebra is an algebraic structure
$(K, +, \cdot, {}^*, 0, 1)$ that is an idempotent semiring under $+, \cdot, 0, 1$
such that $p^*q$ is the $\le$-least solution to $q + px \le x$ and $qp^*$ is the
$\le$-least solution to $q + xp \le x$. Here $\le$ refers to the natural partial
order on $K$: $p \le q \stackrel{\text{def}}{\iff} p + q = q$. This is a
universal Horn axiomatization. A Kleene algebra is *-continuous if it satisfies
the stronger infinitary property $pq^*r = \sup_n pq^n r$. The family of
*-continuous Kleene algebras is denoted KA*. It is a proper subclass of the
Kleene algebras, but all naturally occurring Kleene algebras are *-continuous.

The  axioms  for  *  say  essentially  that  *  behaves  like  the  Kleene  asterate  operator  of 
formal  language  theory  or  the  reflexive  transitive  closure  operator  of  relational  algebra. 

Kleene algebra is a versatile system with many useful interpretations. Standard
models include the family of regular sets over a finite alphabet; the family of
binary relations on a set; and the family of $n \times n$ matrices over another
Kleene algebra. Other more unusual interpretations include the min,+ algebra,
also known as the tropical semiring, used in shortest path algorithms, and models
consisting of convex polyhedra used in computational geometry.

If $P$ is a set of atomic program symbols, a regular expression over $P$ is just
a term over the signature $+, \cdot, {}^*, 0, 1$ of KA with atomic symbols in
$P$. The set of all regular expressions over $P$ is denoted
$\mathrm{RExp}_P$. Given an interpretation $I : \mathrm{RExp}_P \to K$ over a
Kleene algebra $K$ and a quantifier-free equational Horn formula $\varphi$, we
write $K, I \models \varphi$ if $\varphi$ is true under the interpretation $I$
under the usual semantics of first-order logic. We write KA $\models \varphi$ and
say that $\varphi$ is valid if it is true under all interpretations. We write
KA* $\models \varphi$ if $\varphi$ is true under all interpretations over
*-continuous algebras. We write REL $\models \varphi$ and say that $\varphi$ is
relationally valid if it is true under all relational interpretations.

Let $\mathrm{Reg}_P$ denote the Kleene algebra of regular sets of strings over
the alphabet $P$. The standard interpretation
$R : \mathrm{RExp}_P \to \mathrm{Reg}_P$ mapping $p$ to $\{p\}$, $p \in P$, is
universal for the equational theory of Kleene algebra; that is,
KA $\models s = t$ iff $\mathrm{Reg}_P, R \models s = t$. Thus
$\mathrm{Reg}_P$ is the free Kleene algebra on generators $P$ [9]. This
equational theory also coincides with the equational theories of KA* and REL
[13]. Thus if $\varphi$ is a valid equation, we can write $\models \varphi$,
omitting the KA, KA*, or REL before the symbol $\models$.

3  Main  Results 

In  this  section  we  prove  the  main  result  of  this  paper:  deciding  the  relational  validity 
of Horn formulas of Kleene algebra is $\Pi^1_1$-complete (Corollary 3.10). The lower bound
depends  partially  on  encoding  Turing  machine  computations  as  monoid  equations.  This 
part  of  this  construction  is  more  or  less  standard  (see  [5])  and  similar  to  [11],  but  the 
actual  reduction  to  the  Horn  theory  of  REL  is  new. 

3.1  Restricted  Turing  Machines 

Without  loss  of  generality,  we  consider  only  total  deterministic  Turing  machines  M  that 
conform  to  the  following  restrictions. 

•  $M$ has input alphabet $\{a\}$ and finite tape alphabet $\Gamma$ containing
$a$ and two special blank symbols $\triangleright$ and $\triangleleft$ distinct
from each other and from $a$. The alphabet $\Gamma$ may contain other symbols as
well.

•  $M$ has a finite set of states $Q$ disjoint from $\Gamma$ containing at least
a start state $s$, an accept state $t$, and a reject state $r$, all distinct.
There are no transitions into the start state $s$ and no transitions out of $t$
or $r$. Thus, once $M$ enters a halt state, it cannot proceed.

•  Transitions of $M$ are of the form $((p, b), (q, c, d))$, where $p, q \in Q$,
$b, c \in \Gamma$, and $d \in \{\text{left}, \text{right}\}$, indicating that
when $M$ is in state $p$ scanning symbol $b$, it writes $c$ on the current tape
cell, moves its tape head one cell in direction $d$, and enters state $q$. For
every $(p, b)$ with $p \notin \{t, r\}$, there is exactly one $(q, c, d)$ such
that $((p, b), (q, c, d))$ is a transition of $M$.

•  $M$ has a single two-way-infinite read-write tape padded on the left by
infinitely many blanks $\triangleright$ and on the right by infinitely many
blanks $\triangleleft$. $M$ never writes $\triangleright$ to the right of a
nonblank symbol or $\triangleleft$ and never writes $\triangleleft$ to the left
of a nonblank symbol or $\triangleright$. Thus the tape always contains a unique
finite contiguous string (possibly null) of nonblank symbols surrounded by
infinitely many blank symbols $\triangleright$ on the left and $\triangleleft$
on the right.

•  If $M$ either reads or writes $\triangleright$, it must move right, and if it
either reads or writes $\triangleleft$, it must move left. Thus $M$ never moves
more than one cell away from the nonblank portion of the tape.

•  Inputs to $M$ are pairs $(m, n) \in \omega^2$, represented as a pair of
strings $a^m$, $a^n$. On input $(m, n)$, $M$ starts in state $s$ with $a^{m+n}$
written on its tape and its head scanning the $m+1$st symbol of $a^{m+n}$, or
the $\triangleleft$ immediately following $a^m$ if $n = 0$. If $M$ accepts
$(m, n)$, then it does so by entering state $t$ with $a^n$ written on its tape
and its head scanning the first $\triangleleft$ following the $a^n$. If $M$
rejects, it erases its tape and enters state $r$ with its head scanning the
first $\triangleleft$.

Let $A = \Gamma \cup Q$. A configuration is a string in $A^*$ of the form
$\triangleright xqy \triangleleft$ or $q \triangleright y \triangleleft$, where
$x, y \in (\Gamma - \{\triangleright, \triangleleft\})^*$ and $q \in Q$.
Configurations describe instantaneous global descriptions of $M$ in the course
of some computation. In the configuration $\triangleright xqy \triangleleft$,
the current state is $q$, the tape currently contains the nonblank string $xy$
surrounded by infinitely many blanks $\triangleright$ on the left and
$\triangleleft$ on the right, and $M$ is scanning the first symbol of $y$. If
$y$ is null, then $M$ is scanning the first $\triangleleft$ to the right of $x$.
In the configuration $q \triangleright y \triangleleft$, the current state is
$q$, and $M$ is scanning the blank symbol $\triangleright$ immediately to the
left of $y$. The start configuration of $M$ on input $(m, n)$ is
$\triangleright a^m s a^n \triangleleft$. If $M$ accepts $(m, n)$, the accept
configuration is $\triangleright a^n t \triangleleft$, and if $M$ rejects, the
reject configuration is $\triangleright r \triangleleft$.

Let

$$\begin{aligned}
\mathrm{Config} &\stackrel{\text{def}}{=} \{\text{configurations of } M\},\\
\mathrm{Sub} &\stackrel{\text{def}}{=} \{\text{substrings of configurations of } M\},\\
\mathrm{Pre} &\stackrel{\text{def}}{=} \{\text{prefixes of configurations of } M\} \subseteq \mathrm{Sub}.
\end{aligned}$$

Note that both Sub and Pre are closed under the prefix relation.

3.2  A  Rewrite  Relation

Now we define a rewrite relation $\to_M$ and an associated set of equations
$E_M$ that describe the operation of $M$. The rewrite relation $\to_M$ consists
of the following rules:

(i) for each transition $((p, \triangleright), (q, c, \text{right}))$,
$c \ne \triangleright$, the rule $p\triangleright \to_M \triangleright cq$;

(ii) for each transition $((p, b), (q, \triangleright, \text{right}))$,
$b \ne \triangleright$, the rule $\triangleright pb \to_M \triangleright q$;

(iii) for any other transition of the form $((p, b), (q, c, \text{right}))$ not
covered by (i) or (ii), the rule $pb \to_M cq$;

(iv) for each transition $((p, \triangleleft), (q, c, \text{left}))$,
$c \ne \triangleleft$, and each $e \in \Gamma - \{\triangleleft\}$, the rule
$ep\triangleleft \to_M qec\triangleleft$;

(v) for each transition $((p, b), (q, \triangleleft, \text{left}))$,
$b \ne \triangleleft$, and each $e \in \Gamma - \{\triangleleft\}$, the rule
$epb\triangleleft \to_M qe\triangleleft$;

(vi) for any other transition of the form $((p, b), (q, c, \text{left}))$ not
covered by (iv) or (v), and each $e \in \Gamma - \{\triangleleft\}$, the rule
$epb \to_M qec$.

By the restrictions above, these cases are exhaustive. Let $E_M$ be the set of
equations

$$E_M \stackrel{\text{def}}{=} \{x = y \mid x \to_M y \text{ according to (i)-(vi) above}\}. \qquad (1)$$


The relation $\to_M$ can be used to rewrite configurations in a way that mimics
the computation of $M$. Thus we write $uxv \to_M uyv$ whenever $x \to_M y$
according to (i)-(vi) above. Note that every element of Config, Pre, or Sub has
at most one redex, and rewriting by $\to_M$ preserves membership/nonmembership
in Config, Pre, and Sub. Moreover, every element of Config except those
containing $t$ or $r$ has exactly one redex.

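Let $\to^*_M$ denote the reflexive transitive closure of $\to_M$. Since $M$ is
assumed to be total, either $M$ accepts $(m, n)$, in which case
$\triangleright a^m s a^n \triangleleft \to^*_M \triangleright a^n t \triangleleft$,
or $M$ rejects $(m, n)$, in which case
$\triangleright a^m s a^n \triangleleft \to^*_M \triangleright r \triangleleft$.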
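Rules (i)-(vi) and the rewriting of a start configuration to the reject configuration can be exercised on a concrete machine. The following Python sketch is an added example, not code from the paper: it generates the rule pairs of $E_M$ from a transition table and rewrites configurations step by step, failing if a word ever has more than one redex. The machine `REJECT_ALL` (states s, g, k, r; it erases its tape and rejects, so it decides the empty relation), the ASCII stand-ins `>` and `<` for the two blanks, and all function names are assumptions made for illustration.

```python
LB, RB = ">", "<"            # ASCII stand-ins for the left and right blanks
GAMMA = "a" + LB + RB        # tape alphabet of the constructed machine

# Constructed machine conforming to Section 3.1: walk right to the end of
# the input, erase it from the right, then enter r scanning the first "<".
REJECT_ALL = [
    (("s", "a"), ("g", "a", "right")),
    (("s", RB), ("k", RB, "left")),
    (("s", LB), ("r", LB, "right")),
    (("g", "a"), ("g", "a", "right")),
    (("g", RB), ("k", RB, "left")),
    (("g", LB), ("r", LB, "right")),
    (("k", "a"), ("k", RB, "left")),
    (("k", RB), ("k", RB, "left")),
    (("k", LB), ("r", LB, "right")),
]

def rules_for(transition, gamma):
    """Rewrite rules (lhs, rhs) contributed by one transition, cases (i)-(vi)."""
    (p, b), (q, c, d) = transition
    if d == "right":
        if b == LB and c != LB:                      # (i)
            return [(p + LB, LB + c + q)]
        if c == LB and b != LB:                      # (ii)
            return [(LB + p + b, LB + q)]
        return [(p + b, c + q)]                      # (iii)
    ctx = [e for e in gamma if e != RB]              # e ranges over Gamma - {<}
    if b == RB and c != RB:                          # (iv)
        return [(e + p + RB, q + e + c + RB) for e in ctx]
    if c == RB and b != RB:                          # (v)
        return [(e + p + b + RB, q + e + RB) for e in ctx]
    return [(e + p + b, q + e + c) for e in ctx]     # (vi)

def all_rules(transitions, gamma):
    """The pairs (x, y) with x -> y; read as equations x = y this is E_M."""
    return [rule for tr in transitions for rule in rules_for(tr, gamma)]

def redexes(word, rules):
    """Every (position, lhs, rhs) at which some rule applies inside word."""
    found = []
    for lhs, rhs in rules:
        start = word.find(lhs)
        while start != -1:
            found.append((start, lhs, rhs))
            start = word.find(lhs, start + 1)
    return found

def step(word, rules):
    """One rewrite step; None when word has no redex."""
    found = redexes(word, rules)
    if len(found) > 1:
        raise ValueError(f"more than one redex in {word!r}: {found}")
    if not found:
        return None
    pos, lhs, rhs = found[0]
    return word[:pos] + rhs + word[pos + len(lhs):]

def run(word, rules, limit=10_000):
    """Rewrite until no redex remains and return the whole trace."""
    trace = [word]
    while len(trace) <= limit:
        nxt = step(trace[-1], rules)
        if nxt is None:
            return trace
        trace.append(nxt)
    raise RuntimeError("step limit exceeded")

if __name__ == "__main__":
    for config in run(">aasa<", all_rules(REJECT_ALL, GAMMA)):
        print(config)
```

Each word in the trace is again a configuration, and the run stops at the reject configuration because no rule mentions the halt state r on its left side.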


3.3  A  Lower  Bound 

Consider a recursive relation $R \subseteq \omega^2$. One can think of $R$ as
the set of edges of a directed graph on vertices $\omega$. The relation $R$ is
said to be well-founded from vertex $n$ if all $R$-paths starting from $n$ are
finite. Given such an $R$, say by a total Turing machine $M$ of the form
described in Section 3.1, the question of whether $R$ is well-founded from any
given vertex is a well known $\Pi^1_1$-complete problem (see [6]). We will
reduce this problem to the universal Horn theory of REL, thereby showing that
the theory is $\Pi^1_1$-hard. We will give a separate argument in Section 3.4 to
show that the theory is in $\Pi^1_1$.

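Define

$$\mathrm{WF} \stackrel{\text{def}}{=} \{n \in \omega \mid R \text{ is well-founded from } n\}.$$

If we denote by $R(m)$ the set of $R$-successors of $m$,

$$R(m) \stackrel{\text{def}}{=} \{n \mid (m, n) \in R\},$$

then WF is the $\subseteq$-least solution of the recursive set equation

$$\mathrm{WF} = \{m \mid R(m) \subseteq \mathrm{WF}\}.$$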

Let $f$ be a choice function that for any $m \notin \mathrm{WF}$ gives
$f(m) \in R(m) - \mathrm{WF}$. Such an $f(m)$ must exist if
$m \notin \mathrm{WF}$. Define $f(m) = m$ for $m \in \mathrm{WF}$. Thus if
$m \in \mathrm{WF}$, then $(m, f(m)) \notin R$, and if $m \notin \mathrm{WF}$,
then $(f^i(m), f^{i+1}(m)) \in R$ for all $i \ge 0$, therefore
$m, f(m), f^2(m), \ldots$ is an infinite $R$-path through the graph.

Let $M$ be a total Turing machine of the form described in Section 3.1 accepting
$R$. Let $E_M$ be the finite set of equations (1), and let

$$E \stackrel{\text{def}}{=} E_M \cup \{t \le sa^*\}. \qquad (2)$$

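We define the relation $\to_t$ on Sub by

(i) $\triangleright a^n t y \to_t \triangleright a^n s a^{f(n)} y$ for
$n \in \omega$ and any $y$, and

(ii) $xty \to_t xsy$ for $x \in \mathrm{Pre}$ not of the form
$\triangleright a^n$ and any $y$.

Let

$$\to_{M,t} \;\stackrel{\text{def}}{=}\; \to_M \cup \to_t,$$

and let $\to^*_{M,t}$ denote the reflexive transitive closure of $\to_{M,t}$.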

Lemma 3.1 For any $x \in \mathrm{Sub}$, there is at most one $y$ such that
$x \to_{M,t} y$.

Proof. It suffices to show this for $x \in \mathrm{Config}$, since substrings of
$x$ can contain no more redexes than $x$. It is true for the relation $\to_M$,
since $M$ is deterministic, and true for the relation $\to_t$ by construction.
For the union $\to_{M,t}$, if $t$ occurs in $x$, then $x$ contains no
$\to_M$-redex, since $M$ has no transitions out of state $t$. If $t$ does not
occur in $x$, then $x$ contains no $\to_t$-redex. □

Let $\equiv$ be the string congruence on Sub generated by $\to_{M,t}$; that is,
the smallest reflexive, symmetric, and transitive relation respecting
concatenation and containing $\to_{M,t}$.

Lemma 3.2 The following are equivalent:

(i) $x \equiv y$;

(ii) there exists $z$ such that $x \to^*_{M,t} z$ and $y \to^*_{M,t} z$.

Proof. Certainly if (ii) holds, then $x \equiv y$. For the other direction, we
observe that the relation on $x, y$ defined by (ii) is a congruence containing
$\to_{M,t}$ (transitivity following from Lemma 3.1), therefore contains the
least such congruence $\equiv$. □
The  rewrite  relations  and  — — ►  clearly  preserve  membership  in  Config,  Sub,  and
Pre.  It  is  easily  argued  that  they  preserve  nonmembership  in  Config,  Sub,  and  Pre  as  well.
It  follows  that  and  $\equiv$  also  preserve  membership/nonmembership  in  Config,  Sub,  and
Pre.

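Define

$$[x] \stackrel{\text{def}}{=} \{y \mid x \equiv y\}, \qquad
\mathrm{Pre}/{\equiv} \;\stackrel{\text{def}}{=}\; \{[x] \mid x \in \mathrm{Pre}\}.$$

Let $K$ be the Kleene algebra of all binary relations on $\mathrm{Pre}/{\equiv}$.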

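For each $p \in A$, define

$$I(p) \stackrel{\text{def}}{=} \{([x], [xp]) \mid xp \in \mathrm{Pre}\},$$

and extend $I$ homomorphically to an interpretation
$I : \mathrm{RExp}_A \to K$. We will show below that if

$$K, I \models E \to \triangleright a^m t \triangleleft \le \triangleright r \triangleleft,$$

then $m \in \mathrm{WF}$.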

Lemma 3.3 For any $y \in A^*$,

$$I(y) = \{([x], [xy]) \mid xy \in \mathrm{Pre}\}.$$

Proof. The proof is by induction on the length of $y$. For the empty string
$\varepsilon$, we have

$$I(\varepsilon) = I(1) = \{([x], [x]) \mid x \in \mathrm{Pre}\} = \{([x], [x\varepsilon]) \mid x\varepsilon \in \mathrm{Pre}\}.$$

Now assume the lemma holds for $y$. For $yp$, where $p \in A$,

$$\begin{aligned}
I(yp) &= I(y) \circ I(p) \\
&= \{([x], [xy]) \mid xy \in \mathrm{Pre}\} \circ \{([w], [wp]) \mid wp \in \mathrm{Pre}\} && (3)\\
&= \{([x], [wp]) \mid xy \equiv w \text{ and } wp \in \mathrm{Pre}\} && (4)\\
&\subseteq \{([x], [wp]) \mid xyp \equiv wp \text{ and } wp \in \mathrm{Pre}\} && (5)\\
&= \{([x], [xyp]) \mid xyp \in \mathrm{Pre}\}.
\end{aligned}$$

Step (3) follows from the induction hypothesis and the definition of $I(p)$. In
step (4), requiring $xy \in \mathrm{Pre}$ is redundant, since Pre is closed under
prefix and $\equiv$ preserves membership in Pre. Step (5) follows from the fact
that $\equiv$ is a congruence.


Conversely, since Pre is closed under prefix,

$$\begin{aligned}
\{([x], [xyp]) \mid xyp \in \mathrm{Pre}\}
&\subseteq \{([x], [xy]) \mid xy \in \mathrm{Pre}\} \circ \{([xy], [xyp]) \mid xyp \in \mathrm{Pre}\} \\
&= I(y) \circ I(p).
\end{aligned}$$

□


Lemma 3.4 $K, I \models E$.

Proof. If $y \to_M z$, we have $y \equiv z$, therefore $[xy] = [xz]$ for all
$x$, since $\equiv$ is a congruence. Moreover, $xy \in \mathrm{Pre}$ iff
$xz \in \mathrm{Pre}$, since $\equiv$ preserves membership in Pre. By Lemma 3.3,

$$I(y) = \{([x], [xy]) \mid xy \in \mathrm{Pre}\} = \{([x], [xz]) \mid xz \in \mathrm{Pre}\} = I(z).$$

Thus $K, I \models y = z$ for any equation $y = z$ in $E_M$.

Now consider $t \le sa^*$. For $([z], [zt]) \in I(t)$, $zt \in \mathrm{Pre}$, let

$$\ell = \begin{cases} f(k), & \text{if } z = \triangleright a^k, \\ 0, & \text{otherwise.} \end{cases}$$

By definition of $\to_t$, $zt \equiv zsa^\ell$, thus

$$([z], [zt]) = ([z], [zsa^\ell]) \in I(sa^\ell) \subseteq I(sa^*),$$

therefore $I(t) \subseteq I(sa^*)$ and $K, I \models t \le sa^*$. □

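Lemma 3.5 If $K, I \models \triangleright a^m t \triangleleft \le \triangleright r \triangleleft$,
then $m \in \mathrm{WF}$.

Proof. Suppose
$K, I \models \triangleright a^m t \triangleleft \le \triangleright r \triangleleft$.
By Lemma 3.3,

$$I(\triangleright r \triangleleft) = \{([z], [z \triangleright r \triangleleft]) \mid z \triangleright r \triangleleft \in \mathrm{Pre}\} = \{([\varepsilon], [\triangleright r \triangleleft])\},$$

since $z \triangleright r \triangleleft \in \mathrm{Pre}$ only if
$z = \varepsilon$. Then

$$\begin{aligned}
([\varepsilon], [\triangleright a^m t \triangleleft]) &\in I(\triangleright a^m t \triangleleft) && \text{by Lemma 3.3}\\
&\subseteq I(\triangleright r \triangleleft) \\
&= \{([\varepsilon], [\triangleright r \triangleleft])\},
\end{aligned}$$

so $\triangleright a^m t \triangleleft \equiv \triangleright r \triangleleft$.
By Lemma 3.2, there is a $z$ such that
$\triangleright a^m t \triangleleft \to^*_{M,t} z$ and
$\triangleright r \triangleleft \to^*_{M,t} z$. But since
$\triangleright r \triangleleft$ contains no $\to_{M,t}$-redexes, we must have
$\triangleright a^m t \triangleleft \to^*_{M,t} \triangleright r \triangleleft$.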
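Now if $m \notin \mathrm{WF}$, then

$$\triangleright a^m t \triangleleft \;\to_t\; \triangleright a^m s a^{f(m)} \triangleleft \;\to^*_M\; \triangleright a^{f(m)} t \triangleleft \;\to_t\; \triangleright a^{f(m)} s a^{f^2(m)} \triangleleft \;\to^*_M\; \cdots,$$

contradicting Lemma 3.1 and the fact that
$\triangleright a^m t \triangleleft \to^*_{M,t} \triangleright r \triangleleft$.
Thus $m \in \mathrm{WF}$. □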

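Theorem 3.6 The following are equivalent:

(i) $m \in \mathrm{WF}$;

(ii) KA* $\models E \to \triangleright a^m t \triangleleft \le \triangleright r \triangleleft$;

(iii) REL $\models E \to \triangleright a^m t \triangleleft \le \triangleright r \triangleleft$.

Proof. The argument for (i) $\Rightarrow$ (ii) is the same as in [11], mutatis
mutandis. The implication (ii) $\Rightarrow$ (iii) is a direct consequence of
the inclusion REL $\subseteq$ KA*. Finally, (iii) $\Rightarrow$ (i) is immediate
from Lemmas 3.4 and 3.5 and the fact that $K \in$ REL. □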

Corollary 3.7 The universal Horn theory of REL is $\Pi^1_1$-hard.

Proof.  Our  construction  of  E  from  M  is  effective,  therefore  constitutes  a  reduction 
from  the  well-foundedness  problem  to  the  Horn  theory  of  REL.  □ 

3.4  An  Upper  Bound 

It remains to show that the universal Horn theory of REL is $\Pi^1_1$. We first
show that it suffices to restrict our attention to countable models.

Lemma 3.8 Let $\varphi$ be an arbitrary first-order sentence in the language of
Kleene algebra. The following are equivalent:

(i) $\varphi$ is valid over all relational Kleene algebras;

(ii) $\varphi$ is valid over all countable relational Kleene algebras over
countably many states.

Proof.

The implication (i) $\Rightarrow$ (ii) is immediate.

For (ii) $\Rightarrow$ (i), suppose (i) fails. Then there is a relational Kleene
algebra and interpretation $I$ over that algebra satisfying $\neg\varphi$. By
the downward Löwenheim-Skolem theorem, that algebra has a countable elementary
substructure $K$ containing the image of $I$. Then $K, I \models \neg\varphi$.
Let $S$ be the set of states of $K$. Although $K$ is countable, $S$ need not be.
However, we can pare $S$ down to a countable set of states $S'$ while
maintaining the algebraic structure of $K$. Specifically, the map
$x \mapsto x \restriction S'$ will be an injective homomorphism of $K$ into the
algebra of binary relations on $S'$, where $x \restriction S'$ denotes
$x \cap (S' \times S')$.

For $x, y \in K$ such that $x \not\subseteq y$, let
$(s_{xy}, t_{xy}) \in x - y$. For $x, y \in K$ and $(s, t) \in xy$, let
$u_{xyst} \in S$ such that $(s, u_{xyst}) \in x$, $(u_{xyst}, t) \in y$. The pair
$(s_{xy}, t_{xy})$ witnesses the fact that $x \not\subseteq y$, and $u_{xyst}$
witnesses the fact that $(s, t) \in xy$. Let $S'$ be the smallest set of states
containing $s_{xy}$ and $t_{xy}$ for $x, y \in K$, $x \not\subseteq y$, and
closed under the addition of $u_{xyst}$ for $s, t \in S'$, $(s, t) \in xy$. Note
that $S'$ is countable, since it can be constructed as the union of a countable
chain of countable sets.

Now let $K'$ be the relational structure on $S'$ consisting of elements
$x \restriction S'$ for $x \in K$. We claim that this structure is a relational
Kleene algebra and that the map $x \mapsto x \restriction S'$ is an isomorphism.
The map is surjective by definition and injective since $S'$ contains $s_{xy}$
and $t_{xy}$.

To argue that relational composition works correctly, note that for
$x, y \in K$, for any $(s, t) \in xy \restriction S'$, we have
$(s, u_{xyst}) \in x \restriction S'$ and $(u_{xyst}, t) \in y \restriction S'$,
therefore $(s, t) \in (x \restriction S') \cdot (y \restriction S')$. The reverse
inclusion is straightforward, therefore
$xy \restriction S' = (x \restriction S') \cdot (y \restriction S')$.

That $0 \restriction S' = 0$, $1 \restriction S' = \{(u, u) \mid u \in S'\}$, and
$(x + y) \restriction S' = x \restriction S' + y \restriction S'$ are all
straightforward. That $x^* \restriction S' = (x \restriction S')^*$ follows from
the fact that the map $x \mapsto x \restriction S'$ respects relational
composition and arbitrary union.

We have constructed a countable relational model $K'$ on countably many states
satisfying $\neg\varphi$. Thus for any $\varphi$, $\varphi$ is valid over all
relational models iff it is valid over all countable relational models on
countably many states. □

Theorem 3.9 The universal Horn theory of REL is in $\Pi^1_1$.

Proof. We will express the validity of a KA sentence $\varphi$ as a $\Pi^1_1$
sentence of arithmetic. This will involve an arithmetic encoding of sentences of
KA. Validity is expressed using second-order universal quantification over all
countable relational Kleene algebras over states $\omega$, which is sufficient
by Lemma 3.8.

Let $\langle\,,\rangle : \omega^2 \to \omega$ be a standard arithmetic pairing
function. To interpret a set $X \subseteq \omega$ as a countable relational
Kleene algebra, we interpret $X$ as a set of triples $(s, t, m) \in \omega^3$,
indicating that the pair $(s, t)$ is in the $m$th element of the algebra. We let
$\overline{m} = \{(s, t) \mid (s, t, m) \in X\}$. In formulas, we will write
$(s, t) \in \overline{m}$ as shorthand for $(s, t, m) \in X$.

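The formula $\overline{n} = \overline{m}^*$ can be translated as

$$\forall s, t\ \bigl((s, t) \in \overline{n} \leftrightarrow \exists \langle s_0, s_1, \ldots, s_k \rangle\ (s_0 = s \wedge s_k = t \wedge \forall i < k\ (s_i, s_{i+1}) \in \overline{m})\bigr);$$

that is, $(s, t) \in \overline{n}$ iff $(s, t) \in \overline{m}^k$ for some
$k \ge 0$. The quantification over arbitrary finite sequences of natural numbers
can be coded using Gödel's $\beta$ function (see [7, p. 238]). The translations
of $\overline{n} = 0$, $\overline{n} = 1$,
$\overline{n} = \overline{\ell} + \overline{m}$, and
$\overline{n} = \overline{\ell}\,\overline{m}$ are similar.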
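We now define the predicate IsModel($X$):

$$\forall \ell, m\ \exists n_0, n_1, n_2, n_3, n_4\ (\overline{n_0} = 0 \wedge \overline{n_1} = 1 \wedge \overline{n_2} = \overline{\ell} + \overline{m} \wedge \overline{n_3} = \overline{\ell}\,\overline{m} \wedge \overline{n_4} = \overline{\ell}^*).$$

This says that $X$ does in fact encode a relational model. Note that
IsModel($X$) does not require $\overline{m} \ne \overline{n}$ for $m \ne n$.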

Using the coding above, for any first-order sentence $\varphi$ in the language
of Kleene algebra, we can effectively construct a predicate
$\mathrm{Models}_\varphi(X)$ that says that $X$ models $\varphi$. The formula
$\mathrm{Models}_\varphi(X)$ uses only first order quantifiers. Instead of
quantifying over interpretation functions separately, we adopt the convention
that the $n$ constant symbols appearing in $\varphi$ will be interpreted as the
first $n$ elements of $X$, so that $X$ is really a model paired with an
interpretation. For example, if $\varphi$ is $\forall x\ (x + c^* = c)$, and if
we wish to interpret the constant $c$ as $\overline{0}$, then
$\mathrm{Models}_\varphi(X)$ would be

$$\forall x\ \exists y_1, y_2\ \ \overline{y_1} = \overline{0}^* \wedge \overline{y_2} = \overline{x} + \overline{y_1} \wedge \overline{y_2} = \overline{0}.$$

The validity of $\varphi$ over relational models can then be expressed

$$\forall X\ \ \mathrm{IsModel}(X) \to \mathrm{Models}_\varphi(X),$$

which is $\Pi^1_1$. □

Corollary 3.10 The Horn theory of REL is $\Pi^1_1$-complete.